2021 National Cyber Summit
The NCS planning committee has been faced with making difficult decisions as it pertains to the 2021 event. It is our ultimate goal to produce an in-person event. Therefore, we are excited to announce that the Summit will take place on September 28-30, 2021. We will continue to monitor COVID-19 conditions and take necessary action if needed to transition to a hybrid or virtual format.
skip navigation

Summit Speaker Rob Wood

Session Information

Building Secure Devices in Untrusted Factories
Wednesday, June 6, 2018 1:30 p.m. - 2:15 p.m.
Today the production of hardware devices involves multiple suppliers at various stages of the production and support life-cycle. With very few exceptions, no electronics manufacturer actually designs and manufactures every single component of a device in their own factory. These hardware and manufacturing supply chains introduce considerable risk that threat actors could gain an opportunity to defraud, steal, counterfeit, or otherwise undermine the security of the produced electronic devices.

Some things that we will discuss in detail:

Why you should not trust your factories. We will explore the various attack patterns seen in real-world manufacturing environments.
How you can build a secure product that your customers can trust even when using untrusted factories and repair center partners.

We will talk about actual solutions that have been implemented to great effect.
South Hall - Meeting Room 2
Mr. Rob Wood photo
Mr. Rob Wood
Practice Director, Hardware and Embedded Security Services
NCC Group
Rob Wood is the Practice Director for the Hardware and Embedded Security Services practice at NCC Group. His career in embedded devices spans 16 years, having worked at both BlackBerry and Motorola Mobility in roles focused on embedded software development, product firmware and hardware security, and supply chain security. Rob is an experienced firmware developer with extensive security architecture experience. His specialty is in designing, building, and reviewing products to push the security boundaries deeper into the firmware, hardware, and supply chain. He is most comfortable working with the software layers deep in the bowels of the system, well below userland, where the lines between hardware and software begin to blur. This includes things like the bootloaders, kernel, device drivers, firmware, baseband, trusted execution environments, debug and development tools, factory and repair tools, and all the processes that surround them.

​Rob has built and managed three hardware security labs with varying budgets and levels of capabilities. These labs produced a number of projects including leading-edge security research, product security assessments, and security incident response. Capabilities have included circuit and component level testing and assessments, silicon device failure analysis (with outside help), factory and repair process/tool/system security and incident response.